Efficient Reasoning about Executable Specifications in Coq

Barthe, Gilles; Courtieu, Pierre

doi:10.1007/3-540-45685-6_4

Cited by 26 publications

(19 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The recursive definition of F3 requires the use of the Function tool (Balaa and Bertot, 2000;Barthe and Courtieu, 2002;Barthe et al, 2006). Its termination can be proved using a well-founded ordering in terms of the anonymous function that follows the wf keyword, which compares the number of nodes of the two trees given as argument.…”

Section: Additional Certification Of the Synthesized Algorithmsmentioning

confidence: 99%

Mechanical synthesis of sorting algorithms for binary trees by logic and combinatorial techniques

Dramnesc

Jebelean

Stratulat

2019

Journal of Symbolic Computation

View full text Add to dashboard Cite

We develop logic and combinatorial methods for automating the generation of sorting algorithms for binary trees, starting from input-output specifications and producing conditional rewrite rules. The main approach consists in proving (constructively) the existence of an appropriate output from every input. The proof may fail if some necessary sub-algorithms are lacking. Then, their specifications are suggested and their synthesis is performed by the same principles.Our main goal is to avoid the possibly prohibitive cost of pure resolution proofs by using a natural-style proving in which domain-specific strategies and inference steps lead to a significant increase of efficiency. In addition to classical techniques for natural-style proving, we introduce novel ones (priority of certain types of assumptions, transformation of elementary goals into conditions, special criteria for decomposition of the goal and of the assumptions), as well as methods based on the properties of domain-specific relations and functions. In particular, we use combinatorial techniques in order to generate possible witnesses, which in certain cases lead to the discovery of new induction principles. From the proof, the algorithm is extracted by transforming inductive proof steps into recursions, and case-based proof steps into conditionals.The approach is demonstrated in parallel using the Theorema system, by developing the theory, implementing the prover, and performing the proofs of the necessary properties and synthesis conjectures. It is also validated in the Coq system, which allows to compare the facilities of the two systems from the point of view of our application.

show abstract

Section: Additional Certification Of the Synthesized Algorithmsmentioning

confidence: 99%

Mechanical synthesis of sorting algorithms for binary trees by logic and combinatorial techniques

Dramnesc

Jebelean

Stratulat

2019

Journal of Symbolic Computation

View full text Add to dashboard Cite

show abstract

“…functional induction is a new Coq tactic that originates from work by Barthe and Courtieu [2]; it generates automatically induction principles which have proved very useful in reasoning about executable semantics [3], but its scope of application is limited to structurally recursive functions. In addition, the tactic builds the induction principle from the internal representation of the function instead of building it from the user definition of the function, which leads to unnecessarily verbose induction principles which in some circumstances are hard to use.…”

Section: Functional Inductionmentioning

confidence: 99%

Defining and Reasoning About Recursive Functions: A Practical Tool for the Coq Proof Assistant

Barthe

Forest

Pichardie

et al. 2006

Functional and Logic Programming

Self Cite

View full text Add to dashboard Cite

Abstract. We present a practical tool for defining and proving properties of recursive functions in the Coq proof assistant. The tool generates from pseudo-code the graph of the intended function as an inductive relation. Then it proves that the relation actually represents a function, which is by construction the function that we are trying to define. Then, we generate induction and inversion principles, and a fixpoint equation for proving other properties of the function. Our tool builds upon stateof-the-art techniques for defining recursive functions, and can also be used to generate executable functions from inductive descriptions of their graph. We illustrate the benefits of our tool on two case studies.

show abstract

“…While being built for the purpose of cross-validation and for Coq, these tactics are of general interest and their underlying principles are applicable to other proof assistants, see [4] for more details. In order to implement completely our methodology for another prover, it is necessary to have similar tactics/strategies.…”

Section: Reasoning Tacticsmentioning

confidence: 99%

Tool-Assisted Specification and Verification of Typed Low-Level Languages

et al. 2006

Self Cite

View full text Add to dashboard Cite

Abstract. Bytecode verification is one of the key security functions of several architectures for mobile and embedded code, including Java, Java Card, and .NET. Over the last few years, its formal correctness has been studied extensively by academia and industry, using general purpose theorem provers. The objective of our work is to facilitate such endeavors by providing a dedicated environment for establishing the correctness of bytecode verification within a proof assistant.The environment, called Jakarta, exploits a methodology that casts the correctness of bytecode verification relatively to a defensive virtual machine that performs checks at run-time, and an offensive one that does not, and can be summarized as stating that the two machines coincide on programs that pass bytecode verification. Such a methodology has been used successfully to prove the correctness of the Java Card bytecode verifier, and may potentially be applied to many other similar problems. One definite advantage of the methodology is that it is amenable to automation. Indeed, Jakarta automates the construction of an offensive virtual machine and a bytecode verifier from a defensive machine, and the proofs of correctness of the bytecode verifier.We illustrate the principles of Jakarta on a simple low-level language extended with subroutines, and discuss its usefulness to proving the correctness of the Java Card platform.

show abstract

Efficient Reasoning about Executable Specifications in Coq

Cited by 26 publications

References 12 publications

Mechanical synthesis of sorting algorithms for binary trees by logic and combinatorial techniques

Mechanical synthesis of sorting algorithms for binary trees by logic and combinatorial techniques

Defining and Reasoning About Recursive Functions: A Practical Tool for the Coq Proof Assistant

Tool-Assisted Specification and Verification of Typed Low-Level Languages

Contact Info

Product

Resources

About